Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configure Port Forwarding to Multiple Internal IP Addresses

ASA 5505 Firmware 8.3(4), ADSM 6.4(2)

Here is what I am trying to do...

I have a public IP address of 168.87.3.4

I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1)

I need to foward different ports (10020-10080) to a different internal address (192.168.1.2)

Everything I read tells me how to do this in a 1 to 1 static NAT, but I cannot find any information on how to the above.

1 REPLY
New Member

Configure Port Forwarding to Multiple Internal IP Addresses

Justin, this sample is for ASA 8.4(3)

Single port from Internet to single LAN IP

object network LAN-PC1

host 10.10.100.50

object-group service LAN-PC1-8000 tcp

object-port eq 8000

access-list incoming extended permite tcp any object LAN-PC1 object-group LAN-PC1-8000 tcp

object network LAN-PC1

nat (any,outside) static interface service tcp 8000 8000

In the single port forwarding if you want to forward different ports from the Internface outside IP, you have to create a single object group per port.

This sample is more that one port to a single internal IP

object network LAN-SERVER01

host 10.10.100.10

object network WAN-SERVER01

host 8.8.8.8

object-group service LAN-SERVER-01-PORTS tcp

object-port eq 25

object-port eq 80

object-port eq 443

access-list incoming extended permite tcp any object LAN-SERVER01 object-group LAN-SERVER-01-PORTS tcp

object network LAN-SERVER01

nat (any,outside) static WAN-SERVER01

In multiports to a single LAN IP, you have to set all ports in group for a single LAN IP.

I hope this help enough.

Regards.

Jos.

3510
Views
0
Helpful
1
Replies